In the aftermath of the eBay breach, there have been numerous articles in the media examining what eBay could have done to prevent the breach, better ways that they could have reacted to the breach, and recommendations for eBay users who think they may have been affected by the breach. But as we learn more about the fallout from the eBay attack, one thing is clear – network forensics could have played a crucial role in answering some of the still unanswered questions about the breach.
One of the more interesting pieces of information to come out of the eBay breach was that it occurred in late February or early March, but wasn’t detected by the company until earlier this month. For a large Internet corporation sitting on an abundance of customer data, this is a long time to respond. How could eBay have figured out details of the breach sooner? One tactic would have been deploying network forensics.
Network forensics allows for the capture, storage, and analysis of all network events – including any and all activity on the network, from initial access to data transfers to application usage. With network forensics, eBay — or any victim of a security breach or vulnerability — could monitor packet-level data. Packet-level forensics provides a complete recording of all network activity, down to each and every bit that gets transmitted and communicated on a network. With packet-based analysis, you can quickly verify security alerts, determining whether they are false positives or genuine. If genuine, you can take action immediately, reducing your response time to minutes or hours vs. weeks and months. If the alert is merely a false positive, you’ll have definitive analysis to validate your assumptions, and detailed data to use in tuning your security systems to reduce the number of false positives and increase the validity of future security alerts.
We don’t know for certain what kind of forensics solution eBay is using, but one thing we do know is that a comprehensive, high performance packet capture forensics solution could have played a large role in answering some of the questions that remain following the eBay attack.
Today, highly targeted, low profile network breaches are on the rise. Designed for economic gain, the consequences of these attacks are growing increasingly dire. In the last few months alone there have been not one, but two high profile hacks: Target and eBay. While the fallout from the eBay attack is still uncertain, the after effects of the Target attack were far reaching and long term.
A Bloomberg Businessweek story on the Target breach indicates that Target received alerts about malware being uploaded to some of its systems. However, these alerts were ignored. Often these types of alerts are ignored because verification is difficult. But as we saw with Target – ignoring alerts is a risky move.
Network forensics makes it extremely easy to verify any security alert. In the case of Target, a simple forensics search on recorded network traffic, scoped to a specific period of time and to specific IP addresses, would have verified the activity quickly and easily. Verification of the malware alert would have given Target the information needed to take action, prevent further spread of the malware, and prevent any data leakage at all. With network forensics you can verify alerts and identify the depth of the breach – all with a few simple clicks the instant an alert is received.
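As an added illustration of the alert-verification search described above (example code written for this page, not part of the original post or of any vendor product), assuming the packet recording has already been summarised into flow records with a timestamp, addresses, port and byte count, and using constructed addresses, times and sizes:

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Flow:
    """One recorded network event, summarised from packet capture."""
    ts: datetime
    src: str
    dst: str
    dst_port: int
    byte_count: int  # bytes sent from src to dst


# Constructed sample of recorded traffic; addresses, times and sizes are invented.
RECORDED = [
    Flow(datetime(2014, 3, 1, 1, 55), "10.0.5.20", "198.51.100.7", 443, 2_400),
    Flow(datetime(2014, 3, 1, 2, 10), "10.0.5.20", "198.51.100.7", 443, 120_000),
    Flow(datetime(2014, 3, 1, 2, 30), "10.0.5.21", "198.51.100.7", 443, 90_000),
    Flow(datetime(2014, 3, 1, 2, 40), "10.0.5.20", "10.0.5.30", 445, 15_000),
    Flow(datetime(2014, 3, 1, 5, 0), "10.0.5.20", "198.51.100.7", 443, 500_000),
    Flow(datetime(2014, 2, 28, 23, 0), "10.0.5.99", "203.0.113.5", 80, 3_000),
]
ALERT_AT = datetime(2014, 3, 1, 2, 0)  # when the (constructed) malware alert fired
SUSPECT = "198.51.100.7"               # external address named in that alert


def search_recording(records, hosts, start, end):
    """Flows within [start, end] whose source or destination is in `hosts`."""
    return [f for f in records
            if start <= f.ts <= end and (f.src in hosts or f.dst in hosts)]


def verify_alert(records, alert_time, hosts, window=timedelta(hours=1)):
    """Search the recording around alert_time; "confirmed" when the alerted
    hosts were active in the window, otherwise "false positive"."""
    flows = search_recording(records, hosts, alert_time - window, alert_time + window)
    return ("confirmed" if flows else "false positive"), flows


def breach_depth(flows, suspect):
    """Bytes per (src, dst) pair plus the internal hosts that talked to `suspect`:
    a first measure of how far the malware spread and how much data may have left."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.src, f.dst)] += f.byte_count
    talked_to_suspect = sorted({f.src for f in flows if f.dst == suspect})
    return dict(totals), talked_to_suspect


if __name__ == "__main__":
    verdict, hits = verify_alert(RECORDED, ALERT_AT, {"10.0.5.20", SUSPECT})
    totals, spread = breach_depth(hits, SUSPECT)
    print(verdict, len(hits), "flows; hosts contacting suspect:", spread, totals)
```

The 05:00 flow falls outside the one-hour window and is deliberately excluded, which is the kind of scoping that keeps a verification search fast on a large recording.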
Stories about the eBay attack pointed to the fact that eBay used forensics to track the breach back to its origins and identify exactly what had been stolen. While we do not know what type of forensics they used, we know that packet-based forensics would provide 100 percent clarity regarding what was stolen, when it was stolen, and what methods were used once the hackers were logged in.
In our May 28 webinar, “Your Insurance Policy for Network Breaches” you’ll learn:
- how network forensics—network recording along with powerful search and analysis tools—can enable your in-house security team to track down, verify, and characterize attacks
- what is required for effective forensics on today’s 10G and 40G networks
- best practices for configuring captures to help you and your team pinpoint and remediate anomalous behavior that could signal an attack.
RSVP to this complimentary webinar to learn more about your network breach insurance policy: network forensics.
The bring your own device (BYOD) trend has been picking up steam for quite some time now, leaving some IT managers scrambling to keep their networks secure. As a younger generation accustomed to using personal mobile devices for pretty much everything enters the workforce, BYOD is likely to become even more commonplace.
According to a study by CompTIA, nearly three-quarters of millennials—generally defined as those who reached young adulthood sometime around 2000—used a smart phone for work purposes over the past year, compared with just 37 percent of baby boomers. Tablets, laptops and GPS systems are also more popular among younger workers.
Without proper monitoring, BYOD can poke major holes in network infrastructure. For years IT teams had control of mobile devices employees were using for work, but with BYOD they are now charged with extending network access to a wide variety of devices while keeping information secure. They often worry about malware infections or vulnerable devices lost by employees and found by strangers who should not have access to company information.
Increasingly, IT teams are realizing that a multi-tiered security strategy often works best. For instance, educating users about the importance of strong passwords and keeping devices in sight at all times is crucial. Creating a formal, written policy that makes BYOD policy crystal clear for employees is helpful as well.
Of course, using top-flight network monitoring solutions is a major piece of the puzzle. With the advent of BYOD, now more than ever IT managers need a high-level, comprehensive view of everything happening on the network at a given time. Whether an employee is working in the coffee shop down the street or across the country, businesses need detailed network analysis to ensure security. BYOD is the future, and the future is here.